PowerShell Automation and Scripting for Cybersecurity Hacking and Defense for Red and Blue Teamers

You'll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You'll dig deeper into PowerShell's capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you'...

Full description

Bibliographic Details
Main Author: Wiesner, Miriam C.
Other Authors: Janca, Tanya (writer of foreword)
Format: eBook
Published: Birmingham Packt Publishing, Limited 2023
Edition:1st edition
Online Access:
Collection: O'Reilly - Collection details see MPG.ReNa
LEADER 07178nmm a2200433 u 4500
001 EB002174834
003 EBX01000000000000001312611
005 00000000000000.0
007 cr|||||||||||||||||||||
008 230908 ||| eng
020 |a 9781800569263 
050 4 |a QA76.9.A25 
100 1 |a Wiesner, Miriam C. 
245 0 0 |a PowerShell Automation and Scripting for Cybersecurity  |h [electronic resource]  |b Hacking and Defense for Red and Blue Teamers  |c Miriam C. Wiesner ; foreword by Tanya Janca 
250 |a 1st edition 
260 |a Birmingham  |b Packt Publishing, Limited  |c 2023 
300 |a 572 p. 
505 0 |a Cover -- Title Page -- Copyright and Credits -- Foreword -- Contributors -- Table of Contents -- Preface -- Part 1: PowerShell Fundamentals -- Chapter 1: Getting Started with PowerShell -- Technical requirements -- What is PowerShell? -- The history of PowerShell -- Why is PowerShell useful for cybersecurity? -- Getting started with PowerShell -- Windows PowerShell -- PowerShell Core -- Execution Policy -- Help system -- PowerShell versions -- PowerShell editors -- Summary -- Further reading -- Chapter 2: PowerShell Scripting Fundamentals -- Technical requirements -- Variables -- Data types 
505 0 |a Authentication protocols -- Basic authentication security considerations -- PowerShell remoting and credential theft -- Executing commands using PowerShell remoting -- Executing single commands and script blocks -- Working with PowerShell sessions -- Best practices -- Summary -- Further reading -- Chapter 4: Detection -- Auditing and Monitoring -- Technical requirements -- Configuring PowerShell Event Logging -- PowerShell Module Logging -- PowerShell Script Block Logging -- Protected Event Logging -- PowerShell transcripts -- Analyzing event logs -- Finding out which logs exist on a system 
505 0 |a Querying events in general -- Which code was run on a system? -- Downgrade attack -- EventList -- Getting started with logging -- An overview of important PowerShell-related log files -- Increasing log size -- Summary -- Further reading -- Part 2: Digging Deeper -- Identities, System Access, and Day-to-Day Security Tasks -- Chapter 5: PowerShell Is Powerful -- System and API Access -- Technical requirements -- Getting familiar with the Windows Registry -- Working with the registry -- Security use cases -- User rights -- Configuring access user rights 
505 0 |a Automatic variables -- Environment variables -- Reserved words and language keywords -- Variable scope -- Operators -- Comparison operators -- Assignment operators -- Logical operators -- Control structures -- Conditions -- Loops and iterations -- Naming conventions -- PowerShell profiles -- Understanding PSDrives in PowerShell -- Making your code reusable -- Cmdlets -- Functions -- The difference between cmdlets and script cmdlets (advanced functions) -- Aliases -- Modules -- Summary -- Further reading -- Chapter 3: Exploring PowerShell Remote Management Technologies and PowerShell Remoting 
505 0 |a Technical requirements -- Working remotely with PowerShell -- PowerShell remoting using WinRM -- Windows Management Instrumentation (WMI) and Common Information Model (CIM) -- Open Management Infrastructure (OMI) -- PowerShell remoting using SSH -- Enabling PowerShell remoting -- Enabling PowerShell remoting manually -- Configuring PowerShell Remoting via Group Policy -- PowerShell endpoints (session configurations) -- Connecting to a specified endpoint -- Creating a custom endpoint -- a peek into JEA -- PowerShell remoting authentication and security considerations -- Authentication 
653 |a Hacking / fast / (OCoLC)fst01909643 
653 |a Sécurité informatique 
653 |a Piratage informatique 
653 |a Computer security / fast / (OCoLC)fst00872484 
653 |a Hacking / http://id.loc.gov/authorities/subjects/sh2013002597 
653 |a Computer security / http://id.loc.gov/authorities/subjects/sh90001862 
700 1 |a Janca, Tanya  |e writer of foreword 
041 0 7 |a eng  |2 ISO 639-2 
989 |b OREILLY  |a O'Reilly 
500 |a Description based upon print version of record. - Mitigating risks through backup and restore privileges 
776 |z 1800566379 
776 |z 9781800566378 
856 4 0 |u https://learning.oreilly.com/library/view/~/9781800566378/?ar  |x Verlag  |3 Volltext 
082 0 |a 005.8 
520 |a You'll learn how to configure and analyze Windows event logs and understand the most important event logs and IDs to monitor your environment. You'll dig deeper into PowerShell's capabilities to interact with the underlying system, Active Directory and Azure AD. Additionally, you'll explore Windows internals including APIs and WMI, and how to run PowerShell without powershell.exe. You'll uncover authentication protocols, enumeration, credential theft, and exploitation, to help mitigate risks in your environment, along with a red and blue team cookbook for day-to-day security tasks. Finally, you'll delve into mitigations, including Just Enough Administration, AMSI, application control, and code signing, with a focus on configuration, risks, exploitation, bypasses, and best practices. By the end of this book, you'll have a deep understanding of how to employ PowerShell from both a red and blue team perspective.  
520 |a Explore PowerShell's offensive and defensive capabilities to strengthen your organization's security Purchase of the print or Kindle book includes a free PDF eBook Key Features Master PowerShell for security by configuring, auditing, monitoring, exploiting, and bypassing defenses Research and develop methods to bypass security features and use stealthy tradecraft Explore essential security features in PowerShell and protect your environment against exploits and bypasses Book Description Take your cybersecurity skills to the next level with this comprehensive guide to PowerShell security! Whether you're a red or blue teamer, you'll gain a deep understanding of PowerShell's security capabilities and how to use them. After revisiting PowerShell basics and scripting fundamentals, you'll dive into PowerShell Remoting and remote management technologies.  
520 |a What you will learn Leverage PowerShell, its mitigation techniques, and detect attacks Fortify your environment and systems against threats Get unique insights into event logs and IDs in relation to PowerShell and detect attacks Configure PSRemoting and learn about risks, bypasses, and best practices Use PowerShell for system access, exploitation, and hijacking Red and blue team introduction to Active Directory and Azure AD security Discover PowerShell security measures for attacks that go deeper than simple commands Explore JEA to restrict what commands can be executed Who this book is for This book is for security professionals, penetration testers, system administrators, and red and blue teams looking to learn how to leverage PowerShell for security operations. A basic understanding of PowerShell, cybersecurity fundamentals, and scripting is a must. For some parts a basic understanding of active directory, C++/C#, and assembly can be beneficial